1. Security Group:
A security group acts like a virtual firewall for an EC2 instance. It has separate inbound and outbound rules; by default all inbound traffic to the instance is blocked, and traffic is allowed only for the protocols and ports that a rule explicitly permits, so anything not allowed is denied. Multiple security groups can be attached to one EC2 instance. A security group cannot be used to block a specific IP address; that is done with a network access control list instead. Changes to a security group's rules take effect quickly.
2. Network Access Control List (Network ACL):
Every VPC comes with a modifiable default network ACL, which allows all inbound and outbound IPv4 traffic. A custom network ACL that you create denies all inbound and outbound traffic until rules are added. A network ACL is stateless and keeps separate inbound and outbound rule sets, with a default limit of 20 rules in each direction; rules are evaluated starting with the lowest numbered rule. Every subnet in a VPC must be associated with a network ACL, and a subnet can be associated with only one network ACL at a time. Network ACLs support both allow rules and deny rules and operate at the subnet level.
Difference between Security Group and Network ACL:
| Security Group | Network Access Control List |
| --- | --- |
| Operates at the instance level. | Operates at the subnet level. |
| Supports allow rules only. | Supports both allow rules and deny rules. |
| Stateful: when an inbound or outbound rule allows traffic, the return traffic is allowed automatically. | Stateless: return traffic must be allowed explicitly by a rule. |
| Cannot block a specific IP address. | Can block a specific IP address with a deny rule. |
| All rules are evaluated before deciding whether to permit traffic. | Rules are processed in number order when deciding whether to allow traffic. |
| Specified in the instance launch configuration. | Assigned to a subnet and applies to all instances in that subnet. |
| Applies only when someone specifies the security group when launching the instance, or associates the instance with it afterwards. | Does not depend on the user; it automatically applies to all instances in the associated subnet. |
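The four differences that matter most in practice (allow-only vs allow/deny, all-rules vs first-match-by-number, stateful vs stateless, and therefore where a specific source IP can be blocked) are easiest to see by simulating both evaluators side by side. The following is an added example, not AWS code and not from the original article; the `Rule` class, the rule numbers and the IP addresses (from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24) are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    number: int        # evaluation order for a NACL; ignored by a security group
    action: str        # "allow" or "deny" (a security group only ever holds "allow")
    cidr: str          # source (inbound) or destination (outbound) range
    port_from: int
    port_to: int


def _matches(rule: Rule, ip: str, port: int) -> bool:
    return ip_address(ip) in ip_network(rule.cidr) and rule.port_from <= port <= rule.port_to


def sg_allows(rules: list[Rule], ip: str, port: int) -> bool:
    """Security group: every rule is considered; any matching allow rule permits.
    There is no deny rule, so a source can only be 'blocked' by never allowing it."""
    return any(r.action == "allow" and _matches(r, ip, port) for r in rules)


def nacl_allows(rules: list[Rule], ip: str, port: int) -> bool:
    """Network ACL: rules are walked in ascending number and the first match decides;
    the implicit final '*' rule denies anything no numbered rule matched."""
    for r in sorted(rules, key=lambda r: r.number):
        if _matches(r, ip, port):
            return r.action == "allow"
    return False


def sg_reply_allowed(inbound: list[Rule], ip: str, port: int) -> bool:
    # Stateful: once the request was allowed in, its reply is allowed out automatically.
    return sg_allows(inbound, ip, port)


def nacl_reply_allowed(inbound: list[Rule], outbound: list[Rule],
                       ip: str, port: int, ephemeral_port: int) -> bool:
    # Stateless: the reply to the client's ephemeral port must pass the outbound rules too.
    return nacl_allows(inbound, ip, port) and nacl_allows(outbound, ip, ephemeral_port)


# Constructed sample rule sets (not from any real account).
SG_INBOUND = [Rule(0, "allow", "0.0.0.0/0", 443, 443)]
NACL_INBOUND = [
    Rule(100, "deny", "203.0.113.0/24", 443, 443),   # block one source range first
    Rule(200, "allow", "0.0.0.0/0", 443, 443),       # then allow HTTPS from everyone else
]
NACL_OUTBOUND = [Rule(100, "allow", "0.0.0.0/0", 1024, 65535)]  # ephemeral ports for replies
```

Swapping the NACL rule numbers so the deny comes after the allow makes the deny unreachable, which is why the lowest-number-first rule in the table is a security property and not a detail.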